REST certified provisioners
You can use a REST connection to enable provisioning between PingOne and a REST-based target system. This allows you to import users into PingOne and provision users and groups from PingOne to REST endpoints.
Provisioning Zendesk with a REST connection using PingOne
As a REST-certified provisioner, Zendesk enables you to configure this provisioning framework to sync users and groups between PingOne and Zendesk.
Provisioning capabilities
| Resource | Capability | Description | Inbound | Outbound |
|---|---|---|---|---|
User |
Create |
Generates a new user record in the destination. |
Yes |
Yes |
Read |
Retrieves or polls user attributes for synchronization. |
Yes |
Yes |
|
Update |
Modifies existing attributes, such as |
Yes |
Yes |
|
Delete |
Deletes a user or temporarily suspends an account. |
Yes |
Yes |
|
Group |
Create |
Provisions a new group in the target application. |
No |
Yes |
Rename |
Updates the display name or identifier of an existing group. |
No |
Yes |
|
Delete |
Removes a group from the target application. |
No |
Yes |
|
Membership |
Add and remove |
Handles additions and removals of users within groups. |
No |
No |
Before you begin
Make sure that you have:
-
Administrator access to the Zendesk application you want to provision against.
-
The following from your Zendesk account for OAuth or token authentication:
-
Client ID
-
Client Secret
-
Token Endpoint
-
Grant Type
-
Scope
-
Authorization Token Prefix
-
Auth Token
-
-
User and group schema definitions that you can upload in the Object Types section in PingOne.
-
Users assigned to a specific population or group in PingOne designated for Zendesk provisioning. Learn more in Adding a user in PingOne and Managing groups.
Steps
-
In the PingOne admin console, create a REST provisioning connection to Zendesk.
Configure the REST connection with the following values specific to your Zendesk account:
-
Name: Enter a name for your connection, such as
Zendesk REST Provisioning. -
Description (optional): Enter a description for your Zendesk provisioning connection.
-
Authentication Method: Select one of the following:
-
OAUTH: Enter the following:
Configuration Example Service URI
https://api.example.comClient ID
example-client-idClient Secret
example-client-secretToken Endpoint
https://api.example.com/oauth/tokenGrant Type
Select client_credentials or refresh_token. When refresh_token is selected, the Refresh Token field is required.
(Optional) Scope
read write -
TOKEN: Enter the following:
-
Service URI:
https://api.example.com -
Authorization Token Prefix:
Bearer -
Auth Token:
example-auth-token.
-
-
-
In the User Actions section, select the following as needed:
Field Description Enable users creation
Creates a user in the target identity store when the user is created in the source identity store.
Enable users updation
Updates user attributes in the target identity store when the user is updated in the source identity store.
Enable users deprovision
Deprovisions a user in the target identity store when the user is deprovisioned in the source identity store. If Enable users deprovision is selected, the following options appear:
-
Remove Action: Removes or disables a user in the target identity store when the user is deleted in the source identity store.
-
Deprovision on rule deletion: Deprovisions users if the associated provisioning rule is deleted.
-
-
In the Object Types section for the REST connection, upload or define the schema for the User Object or Group Object. Learn more in Provisioning REST with PingOne.
-
-
Create an outbound rule and select the Zendesk connection as the target. This is also when you can add a user filter and attribute mapping.
-
Confirm users and groups are successfully provisioned to Zendesk. View the sync status to review synchronization results and any errors. You can find examples in Outbound provisioning sync summary examples.
Zendesk object attributes
The following table lists example attributes that can be mapped for user provisioning:
| Attribute | Description |
|---|---|
|
The display name for the Zendesk user or group. |
|
The primary email address for the Zendesk user. |
|
The phone number for the Zendesk user. |
Example REST-Zendesk schemas
The following are examples of user and group schemas. Use the most current schema supported by your environment.
User schema
{
"schema": [
{
"fieldName": "name",
"type": "STRING",
"flags": ["REQUIRED"]
},
{
"fieldName": "email",
"type": "STRING",
"flags": []
},
{
"fieldName": "role",
"type": "STRING",
"flags": []
},
{
"fieldName": "alias",
"type": "STRING",
"flags": []
},
{
"fieldName": "timezone",
"type": "STRING",
"flags": []
},
{
"fieldName": "external_id",
"type": "STRING",
"flags": []
},
{
"fieldName": "suspended",
"type": "BOOLEAN",
"flags": []
},
{
"fieldName": "phone",
"type": "STRING",
"flags": []
},
{
"fieldName": "verified",
"type": "BOOLEAN",
"flags": []
}
],
"operations": {
"CREATE": {
"method": "post",
"path": "api/v2/users.json",
"idPath": "user.id",
"requestMapping": {
"name": "user.name",
"email": "user.email",
"role": "user.role",
"alias": "user.alias",
"timezone": "user.timezone",
"external_id": "user.external_id",
"suspended": "user.suspended",
"phone": "user.phone",
"verified": "user.verified"
},
"requestBody": {
"user": {}
}
},
"GET": {
"method": "get",
"path": "api/v2/users/{uid}.json",
"idPath": "user.id",
"namePath": "user.email",
"responseMapping": {
"name": "user.name",
"email": "user.email",
"role": "user.role",
"alias": "user.alias",
"timezone": "user.timezone",
"external_id": "user.external_id",
"suspended": "user.suspended",
"phone": "user.phone",
"verified": "user.verified"
}
},
"UPDATE": {
"method": "put",
"path": "api/v2/users/{uid}.json",
"idPath": "user.id",
"requestMapping": {
"name": "user.name",
"email": "user.email",
"role": "user.role",
"alias": "user.alias",
"timezone": "user.timezone",
"external_id": "user.external_id",
"suspended": "user.suspended",
"phone": "user.phone",
"verified": "user.verified"
},
"requestBody": {
"user": {}
}
},
"DELETE": {
"method": "delete",
"path": "api/v2/users/{uid}.json"
},
"QUERY": {
"method": "get",
"path": "api/v2/users.json",
"idPath": "id",
"namePath": "name",
"pagination": {
"pageSizePagination": {
"type": "param",
"param": "page[size]={_pageSize}"
},
"cookiePagination": {
"type": "param",
"param": "page[after]={_pagedResultsCookie}"
},
"pagedResultsCookie": {
"type": "body",
"path": "$.meta.after_cursor"
}
},
"responseMapping": {
"$.users": {
"id": "id",
"email": "email",
"name": "name",
"role": "role",
"suspended": "suspended",
"alias": "alias",
"timezone": "timezone",
"external_id": "external_id",
"phone": "phone",
"verified": "verified"
}
}
}
}
}
Group schema
{
"schema": [
{
"fieldName": "name",
"type": "STRING",
"flags": []
}
],
"operations": {
"CREATE": {
"method": "post",
"path": "api/v2/groups.json",
"idPath": "group.id",
"requestMapping": {
"name": "group.name"
},
"requestBody": {
"group": {}
}
},
"GET": {
"method": "get",
"path": "api/v2/groups/{uid}.json",
"idPath": "group.id",
"namePath": "group.name",
"responseMapping": {
"name": "group.name"
}
},
"UPDATE": {
"method": "put",
"path": "api/v2/groups/{uid}.json",
"idPath": "group.id",
"requestMapping": {
"name": "group.name"
},
"requestBody": {
"group": {}
}
},
"DELETE": {
"method": "delete",
"path": "api/v2/groups/{uid}.json"
}
},
"exceptions": {
"NOT_FOUND": [
{
"code": "404",
"messageErrorPath": "error",
"regularExpression": ".*"
}
],
"ALREADY_EXIST": [
{
"code": "422",
"messageErrorPath": "description",
"regularExpression": ".*"
}
],
"BAD_REQUEST": [
{
"code": "400",
"messageErrorPath": "error",
"regularExpression": ".*"
}
]
}
}